CVE-2021-27629

Name of the Vulnerable Software and Affected Versions SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) versions 7.22, 7.22EXT, 7.49, 7.53, 7.73, 8.04

Description The issue allows an unauthenticated attacker to send a specially crafted packet over a network, triggering an internal error in the system due to improper input validation in the EncPSetUnsupported() method. This causes the system to crash and become unavailable. The attack does not allow data in the system to be viewed or modified.

Recommendations For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.22, update to a version that fixes the improper input validation issue in the EncPSetUnsupported() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.22EXT, update to a version that fixes the improper input validation issue in the EncPSetUnsupported() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.49, update to a version that fixes the improper input validation issue in the EncPSetUnsupported() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.53, update to a version that fixes the improper input validation issue in the EncPSetUnsupported() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.73, update to a version that fixes the improper input validation issue in the EncPSetUnsupported() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 8.04, update to a version that fixes the improper input validation issue in the EncPSetUnsupported() method.